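# yaml-language-server: $schema=https://raw.githubusercontent.com/ansible/ansible-lint/refs/heads/main/src/ansiblelint/schemas/tasks.json
---
# Tasks for a Swarm manager host: initialise Swarm mode, create the shared
# overlay network, register a local Docker context for the host on the
# controller, and start Traefik as the reverse proxy.
#
# NOTE(review): this layout was rebuilt from a whitespace-collapsed copy in
# which the whole document sat behind the leading `#`. Confirm the nesting
# (in particular `deploy.labels`) against the original file.

- name: Enable Docker Swarm mode
  community.docker.docker_swarm:
    state: present
  register: swarm_info

- name: Create Traefik network
  community.docker.docker_network:
    name: reverse-proxy
    driver: overlay
    attachable: true

# Read-only probe on the controller. `delegate_to: localhost` replaces the
# deprecated `local_action` form, and `argv` passes the templated hostname
# as a single argument instead of relying on word splitting.
- name: Check if Docker context exists
  ansible.builtin.command:
    argv:
      - docker
      - context
      - inspect
      - '{{ ansible_hostname }}'
  delegate_to: localhost
  register: context_exists
  changed_when: false
  # A missing context is an expected outcome, not a task failure.
  failed_when: false

# Decide on the exit code rather than on stderr text: stderr can be empty
# when the command cannot be started at all, and can be non-empty on success.
- name: Create Docker context for each Swarm manager machine
  ansible.builtin.command:
    argv:
      - docker
      - context
      - create
      - '{{ ansible_hostname }}'
      - --docker
      - 'host=ssh://{{ ansible_default_ipv4.address }}'
  delegate_to: localhost
  when: context_exists.rc != 0

- name: Deploy Traefik service
  community.docker.docker_compose_v2:
    remove_orphans: true
    project_name: reverse-proxy
    definition:
      networks:
        reverse-proxy:
          external: true
      services:
        traefik:
          # NOTE(review): "traefix" looks like a typo for "traefik"; left
          # unchanged because other tooling may refer to this name.
          container_name: traefix-proxy
          # NOTE(review): `latest` is a moving tag, so each pull can bring a
          # different build. Pin a reviewed version tag or an image digest.
          image: 'traefik:latest'
          restart: unless-stopped
          networks:
            - reverse-proxy
          ports:  # listen on host ports without ingress network
            - target: 80
              published: 80
              protocol: tcp
              mode: host
            - target: 443
              published: 443
              protocol: tcp
              mode: host
            # NOTE(review): with `--api.insecure=true` below, this publishes
            # the unauthenticated Traefik API and dashboard on the host
            # interface. Restrict it with a host firewall or bind it to a
            # management address, or drop the mapping and serve the dashboard
            # through an authenticated router.
            - target: 8080
              published: 8080
              protocol: tcp
              mode: host
          volumes:
            # NOTE(review): `:ro` only makes the socket file read-only. A
            # process that can connect to it can still send any Docker API
            # request, so a compromise of Traefik reaches the Docker daemon.
            # Consider a filtering socket proxy that allows read-only calls.
            - '/var/run/docker.sock:/var/run/docker.sock:ro'
          healthcheck:
            test: 'wget -qO- http://localhost:80/ping || exit 1'
            interval: 4s
            timeout: 2s
            retries: 5
          command:
            - '--ping=true'
            - '--ping.entrypoint=http'
            - '--api.dashboard=true'
            # NOTE(review): insecure mode serves the API and dashboard with
            # no authentication. Prefer `api@internal` behind a router with
            # an auth middleware, served over TLS.
            - '--api.insecure=true'
            - '--entrypoints.http.address=:80'
            # X-Forwarded-* headers are accepted from this range only.
            # NOTE(review): confirm that only trusted proxies or load
            # balancers sit in 10.0.10.0/24; any other host there can spoof
            # the client address.
            - '--entryPoints.http.forwardedHeaders.trustedIPs=10.0.10.0/24'
            - '--entrypoints.http.http.encodequerysemicolons=true'
            - '--entryPoints.http.http2.maxConcurrentStreams=50'
            # Keep disabled: 2375 is the plaintext, unauthenticated Docker API
            # port. If a TCP endpoint is ever required, use the TLS endpoint
            # with client certificates instead.
            # - "--providers.swarm.endpoint=tcp://{{ ansible_default_ipv4.address }}:2375"
            # Services are routed only when they opt in via traefik.enable.
            - '--providers.swarm.exposedByDefault=false'
            - '--providers.swarm.network=reverse-proxy'
          deploy:
            mode: global
            placement:
              constraints:
                - 'node.role==manager'
            # NOTE(review): this router sends the `http` entrypoint to
            # api@internal, and none of the labels shown attach an auth
            # middleware or a host rule. Add both before this is reachable
            # from untrusted networks.
            labels:
              - 'traefik.enable=true'
              - 'traefik.http.routers.traefik.entrypoints=http'
              - 'traefik.http.routers.traefik.service=api@internal'
              - 'traefik.http.services.traefik.loadbalancer.server.port=8080'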